Coupang's data breach undetected for 5 months, triggers customer alarm

Seoul, Nov 30 Anxiety and frustration are mounting following a massive data breach at e-commerce giant Coupang that local observers noted on Sunday may have been ongoing for months.

The U.S.-listed company confirmed personal information belonging to 33.7 million customers -- nearly its entire user base -- had been compromised, reports Yonhap news agency.

The breached data includes names, phone numbers, email addresses and delivery addresses. The company said payment information, credit card numbers and login credentials were not affected.

"Unauthorised access to delivery-related personal information for the affected accounts appears to have been made through overseas servers since June 24," the company said.

The police reportedly have identified at least one suspect in the case, informed sources said.

The suspect is said to be a former Chinese employee of Coupang, who is no longer with the company and has left the country, according to the sources.

The police launched an investigation into the case after receiving a complaint on Tuesday.

The company first discovered the breach on Nov. 18 and notified authorities within two days. Coupang initially reported a leak affecting approximately 4,500 customers.

As the scope of the breach proves far larger than the 4,500 accounts initially reported and extends back several months earlier than first believed, customers have expressed serious concerns about potential misuse of their compromised information.

The incident surpasses SK Telecom's data leak in April, affecting 23.2 million users, which resulted in a record fine of 134.8 billion won.

In addition, the full extent of the damage may increase as the investigation progresses. In a recent data breach case, Lotte Card initially denied on Sept. 4 that financial details had been breached, but retracted the statement two weeks later, admitting sensitive information including credit card numbers had been compromised.

Disclaimer: This post has been auto-published from an agency feed without any modifications to the text and has not been reviewed by an editor